I am unable to share my config file, as it is an automatically generated config containing our private encryption key. The disconnect always occurs after the following lines appear in the log, after being connected for anywhere from several hours to days.
Code:
Wed Jun 20 14:53:07 2018 VERIFY OK: depth=1, CN=OpenVPN CA
Wed Jun 20 14:53:07 2018 VERIFY OK: nsCertType=SERVER
Wed Jun 20 14:53:07 2018 VERIFY OK: depth=0, CN=OpenVPN Server
Wed Jun 20 14:53:08 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jun 20 14:53:08 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Jun 20 14:53:08 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 20 14:53:08 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jun 20 14:53:08 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Jun 20 14:53:08 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 20 14:53:08 2018 Control Channel: TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
When the connection drops, the only way to get the VPN to connect is to kill the OpenVPN-GUI.exe, OpenVPN.exe and OpenVPNServ.exe processes, followed by restarting the virtual network adapter, then restarting the client. Alternatively, rebooting the server also resolves the issue (temporarily). If these steps are done in the wrong order, or if you fail to perform a step, the VPN will not reconnect and will wait for the TUN/TAP adapter to come up indefinitely.
This would not be such a problem if I could get the VPN to automatically reconnect. As the network adapter needs to be restarted for this to reconnect, I have created the following script task to restart everything:
Code:
rem This script is fired from Task Scheduler (using Custom Event filter) to check VPN connection and restart the VPN service.
rem Checks if pinging an outside address can connect. If yes, do nothing, if no, restart the service.
ping -n 1 sanitized.ip.address.0 > testping.txt
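rem findstr has no \d shorthand, so digits are matched with [0-9] and literal dots are escaped.
findstr /r /c:"Reply from [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*.* bytes=[0-9]*.*time[<=][0-9]*.* TTL=[0-9]*" testping.txt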
IF ERRORLEVEL 1 goto run
rem do nothing because address is pingable
goto finished
:run
rem Next section will kill & restart service/process and network adapter
netsh interface set interface "Local Area Connection 2" disabled
netsh interface set interface "Local Area Connection 2" enabled
timeout 5
taskkill.exe /F /IM openvpn-gui.exe
taskkill.exe /F /IM openvpn.exe
taskkill.exe /F /IM ovpntray.exe
net stop "OpenVPN Interactive Service"
net start "OpenVPN Interactive Service"
timeout 1
start /b "" "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect default.ovpn
:finished
I'd like either a way to prevent these disconnects, a method to find the root cause of these disconnects, or a way to automatically reconnect the server following a disconnect. Any help is appreciated. If there is any other information I can give to help troubleshoot the issue please let me know and I will do my best to provide it.
Thanks,
Jack
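The log excerpt in the post records the negotiated data-channel and control-channel parameters each time it appears. As an added example (not part of the original post), this Python sketch parses such lines and reports 64-bit block ciphers, legacy HMAC digests, TLS versions below 1.2 and RSA keys under 2048 bits. The function name, the thresholds and the last two sample lines are assumptions of the example.

```python
import re

# Lines 1-3 are copied from the log quoted in the post; lines 4-5 are
# constructed for contrast and show a stronger negotiation.
SAMPLE_LOG = """\
Wed Jun 20 14:53:08 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jun 20 14:53:08 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 20 14:53:08 2018 Control Channel: TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jun 20 15:53:08 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jun 20 15:53:08 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
"""

BLOCK64 = {"BF", "DES", "DESX", "CAST5", "RC2", "IDEA"}  # 64-bit block families
LEGACY_DIGESTS = {"MD5", "SHA1"}
MIN_TLS = (1, 2)       # assumed policy threshold
MIN_RSA_BITS = 2048    # assumed policy threshold

CIPHER_RE = re.compile(r"Data Channel: Cipher '([^']+)'")
HMAC_RE = re.compile(r"Data Channel: Using \d+ bit message hash '([^']+)'")
CTRL_RE = re.compile(r"Control Channel: TLSv([\d.]+),.*?(\d+) bit RSA")


def audit_log(text):
    """Return the set of weak-parameter findings seen in an OpenVPN log."""
    findings = set()
    for line in text.splitlines():
        if m := CIPHER_RE.search(line):
            # The cipher family is the part of the name before the first dash.
            if m.group(1).split("-")[0].upper() in BLOCK64:
                findings.add(f"64-bit block cipher: {m.group(1)}")
        elif m := HMAC_RE.search(line):
            if m.group(1).upper() in LEGACY_DIGESTS:
                findings.add(f"legacy HMAC digest: {m.group(1)}")
        elif m := CTRL_RE.search(line):
            version = tuple(int(p) for p in m.group(1).split("."))
            if version < MIN_TLS:
                findings.add(f"TLS below 1.2: TLSv{m.group(1)}")
            if int(m.group(2)) < MIN_RSA_BITS:
                findings.add(f"RSA key under 2048 bits: {m.group(2)}")
    return findings


if __name__ == "__main__":
    for finding in sorted(audit_log(SAMPLE_LOG)):
        print(finding)
```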